Skip to content

Add git-secrets-scan workflow #146

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Nov 25, 2025
Merged

Add git-secrets-scan workflow #146

merged 4 commits into from
Nov 25, 2025

Conversation

@currantw
Copy link
Collaborator

@currantw currantw commented Nov 17, 2025
edited
Loading

Adds a git-secrets-scan workflow that installs and executes git-secrets on pushes to main and release branches. This helps to ensure that passwords, secrets, and other sensitive information does not get committed.

@currantw currantw self-assigned this Nov 17, 2025
@currantw currantw requested a review from a team as a code owner November 17, 2025 21:34
@currantw currantw requested review from affonsov and Copilot November 17, 2025 21:34
Copilot finished reviewing on behalf of currantw November 17, 2025 21:35
Copilot AI reviewed Nov 17, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a new GitHub Actions workflow to scan for secrets and sensitive information using the git-secrets tool. The workflow runs on pushes to main and release branches to help prevent accidental commits of passwords, API keys, and other credentials.

  • Adds automated secret scanning using git-secrets from AWS Labs
  • Configures workflow to run on main, release-, and v branches with manual trigger support
  • Sets up concurrency controls to cancel redundant runs

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@currantw currantw force-pushed the currantw/git-secrets branch from 6438a90 to bd23a4c Compare November 17, 2025 22:15
@yipin-chen yipin-chen requested a review from alexr-bq November 18, 2025 16:23
@currantw
Copy link
Collaborator Author

currantw commented Nov 18, 2025

Steps for running locally:

brew install git-secrets
cd <ROOT_DIR>
git secrets --register-aws
git secrets --scan

xShinnRyuu
xShinnRyuu approved these changes Nov 18, 2025
View reviewed changes
Copy link
Collaborator

@xShinnRyuu xShinnRyuu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

yipin-chen
yipin-chen approved these changes Nov 20, 2025
View reviewed changes
Copy link
Collaborator

@yipin-chen yipin-chen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CIs are red.

@currantw currantw force-pushed the currantw/git-secrets branch from 7dbac4f to 2df5993 Compare November 20, 2025 18:10
affonsov
affonsov reviewed Nov 20, 2025
View reviewed changes
Copy link
Collaborator

@affonsov affonsov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as valkey-io/valkey-glide#4983 (review)

affonsov
affonsov requested changes Nov 20, 2025
View reviewed changes
Copy link
Collaborator

@affonsov affonsov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

change to be part of the pull request workflow

@currantw currantw mentioned this pull request Nov 22, 2025
Merged
6 tasks
@currantw
Add git-secrets-scan workflow
0ab5469 
Signed-off-by: currantw <[email protected]>
@currantw
fix(ci): run git-secrets scan on pull requests instead of push
4009714 
Change git-secrets workflow to trigger on pull_request events rather than
push events to main/release branches. This prevents secrets from being
merged rather than detecting them after the fact.

Addresses review feedback to catch secrets before merge.

Signed-off-by: currantw <[email protected]>
@currantw
Fix formatting
ed3edb1 
Signed-off-by: currantw <[email protected]>
@currantw
Arrggg. More linting problems
a0e92cb 
Signed-off-by: currantw <[email protected]>
@currantw currantw force-pushed the currantw/git-secrets branch from 2df5993 to a0e92cb Compare November 22, 2025 21:00
@currantw currantw merged commit 116eb05 into valkey-io:main Nov 25, 2025
23 of 25 checks passed
@currantw currantw deleted the currantw/git-secrets branch November 25, 2025 23:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@xShinnRyuu xShinnRyuu xShinnRyuu approved these changes

@affonsov affonsov affonsov approved these changes

@alexr-bq alexr-bq alexr-bq approved these changes

@yipin-chen yipin-chen yipin-chen approved these changes

Assignees

@currantw currantw

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@currantw @xShinnRyuu @affonsov @alexr-bq @yipin-chen